---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: pl-deleter-service-account
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: pl-deleter-cluster-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: pl-deleter-role
subjects:
- kind: ServiceAccount
  name: pl-deleter-service-account
  namespace: "{{ .Release.Namespace }}"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pl-deleter-cluster-role
rules:
# Allow actions on Kubernetes objects
- apiGroups:
  - rbac.authorization.k8s.io
  - etcd.database.coreos.com
  - nats.io
  resources:
  - clusterroles
  - clusterrolebindings
  - persistentvolumes
  - etcdclusters
  - natsclusters
  verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pl-deleter-role
rules:
- apiGroups:
  - ""
  - apps
  - rbac.authorization.k8s.io
  - extensions
  - batch
  - policy
  resources:
  - configmaps
  - secrets
  - pods
  - services
  - deployments
  - daemonsets
  - persistentvolumes
  - roles
  - rolebindings
  - serviceaccounts
  - statefulsets
  - cronjobs
  - jobs
  verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pl-deleter-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pl-deleter-role
subjects:
- kind: ServiceAccount
  name: pl-deleter-service-account
  namespace: "{{ .Release.Namespace }}"
